IBM Security Bulletin: The Elastic Storage Server and the GPFS Storage Server are affected by a vulnerability in IBM Spectrum Scale (CVE-2017-1304)

Use of IBM Spectrum Scale on an Elastic Storage Server/GPFS Storage Server in an unsupported configuration, where user applications are running on an active ESS I/O server node and utilize direct I/O to perform a read or a write to a Spectrum Scale file, may result in a daemon failure, possibly leading to denial of service or undetected data corruption.

CVE(s): CVE-2017-1304

Affected product(s) and affected version(s):

The Elastic Storage Server 5.0 thru 5.0.1

The Elastic Storage Server 4.5 thru 4.6

The Elastic Storage Server 4.0 thru 4.0.6

The Elastic Storage Server 3.5 thru 3.5.6

The Elastic Storage Server 3.0 thru 3.0.5

The Elastic Storage Server 2.5 thru 2.5.5

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2slWJAl
X-Force Database: http://ift.tt/2rR5LCh

The post IBM Security Bulletin: The Elastic Storage Server and the GPFS Storage Server are affected by a vulnerability in IBM Spectrum Scale (CVE-2017-1304) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2smcgAd